Oval Definition:	oval:org.opensuse.security:def:58118
Revision Date: 2020-12-01 Version: 1 Title: Security update for openssh (Moderate) Description: This update for openssh fixes the following issues: Security vulnerabilities addressed: - CVE-2019-6109: Fixed an character encoding issue in the progress display of the scp client that could be used to manipulate client output, allowing for spoofing during file transfers (bsc#1121816). - CVE-2019-6111: Properly validate object names received by the scp client to prevent arbitrary file overwrites when interacting with a malicious SSH server (bsc#1121821). Other issues fixed: - Fixed two race conditions in sshd relating to SIGHUP (bsc#1119183). - Returned proper reason for port forwarding failures (bsc#1090671). - Fixed a double free() in the KDF CAVS testing tool (bsc#1065237). Family: unix Class: patch Status: Reference(s): 1010399 1010405 1010406 1010408 1010409 1010421 1010423 1010424 1010425 1010426 1025108 1043008 1047281 1055478 1056996 1065237 1070737 1074235 1090671 1092548 1092611 1101644 1101645 1101651 1101656 1101820 1104301 1106812 1111622 1111657 1115034 1118987 1119183 1120374 1121816 1121821 1131709 1137990 1138748 1142772 1145692 1149429 1149792 1151021 1154738 1159548 1162197 1162200 1162202 1166844 1172037 1173351 1174633 1174635 1174638 947494 959933 966891 981848 982331 983922 987176 988361 990531 994399 CVE-2016-2830 CVE-2016-5011 CVE-2016-5289 CVE-2016-5292 CVE-2016-9063 CVE-2016-9067 CVE-2016-9068 CVE-2016-9069 CVE-2016-9071 CVE-2016-9073 CVE-2016-9075 CVE-2016-9076 CVE-2016-9077 CVE-2017-14107 CVE-2017-7789 CVE-2018-10903 CVE-2018-10903 CVE-2018-11805 CVE-2018-18074 CVE-2018-2938 CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3639 CVE-2018-5150 CVE-2018-5151 CVE-2018-5152 CVE-2018-5153 CVE-2018-5154 CVE-2018-5155 CVE-2018-5157 CVE-2018-5158 CVE-2018-5159 CVE-2018-5160 CVE-2018-5163 CVE-2018-5164 CVE-2018-5165 CVE-2018-5166 CVE-2018-5167 CVE-2018-5168 CVE-2018-5169 CVE-2018-5172 CVE-2018-5173 CVE-2018-5174 CVE-2018-5175 CVE-2018-5176 CVE-2018-5177 CVE-2018-5178 CVE-2018-5179 CVE-2018-5180 CVE-2018-5181 CVE-2018-5182 CVE-2018-5183 CVE-2018-5383 CVE-2019-1010180 CVE-2019-11757 CVE-2019-11758 CVE-2019-11759 CVE-2019-11760 CVE-2019-11761 CVE-2019-11762 CVE-2019-11763 CVE-2019-11764 CVE-2019-14835 CVE-2019-15903 CVE-2019-16782 CVE-2019-18634 CVE-2019-6109 CVE-2019-6111 CVE-2020-10531 CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 CVE-2020-1930 CVE-2020-1931 CVE-2020-8161 CVE-2020-8184 SUSE-SU-2016:2954-1 SUSE-SU-2017:2546-1 SUSE-SU-2018:1334-1 SUSE-SU-2018:3064-1 SUSE-SU-2019:0466-1 SUSE-SU-2019:1524-1 SUSE-SU-2019:2027-1 SUSE-SU-2019:2872-1 SUSE-SU-2019:2914-1 SUSE-SU-2020:0407-1 SUSE-SU-2020:0790-1 SUSE-SU-2020:0792-1 SUSE-SU-2020:0810-1 SUSE-SU-2020:1180-1 SUSE-SU-2020:2331-1 SUSE-SU-2020:2678-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information libpulse-mainloop-glib0-11.1-lp150.4 is installed OR libpulse0-11.1-lp150.4 is installed OR pulseaudio-11.1-lp150.4 is installed OR pulseaudio-bash-completion-11.1-lp150.4 is installed OR pulseaudio-lang-11.1-lp150.4 is installed OR pulseaudio-module-bluetooth-11.1-lp150.4 is installed OR pulseaudio-module-gconf-11.1-lp150.4 is installed OR pulseaudio-module-jack-11.1-lp150.4 is installed OR pulseaudio-module-lirc-11.1-lp150.4 is installed OR pulseaudio-module-x11-11.1-lp150.4 is installed OR pulseaudio-module-zeroconf-11.1-lp150.4 is installed OR pulseaudio-utils-11.1-lp150.4 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information chromedriver-79.0.3945.88-22 is installed OR chromium-79.0.3945.88-22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information python-cffi-1.11.2-2.19 is installed OR python-cryptography-2.1.4-3.15 is installed OR python-xattr-0.7.5-3.2 is installed OR python3-cffi-1.11.2-2.19 is installed OR python3-cryptography-2.1.4-3.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libblkid1-2.28-42 is installed OR libblkid1-32bit-2.28-42 is installed OR libfdisk1-2.28-42 is installed OR libmount1-2.28-42 is installed OR libmount1-32bit-2.28-42 is installed OR libsmartcols1-2.28-42 is installed OR libuuid1-2.28-42 is installed OR libuuid1-32bit-2.28-42 is installed OR python-libmount-2.28-42 is installed OR util-linux-2.28-42 is installed OR util-linux-lang-2.28-42 is installed OR util-linux-systemd-2.28-42 is installed OR uuidd-2.28-42 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-68.2.0-109.95 is installed OR MozillaFirefox-devel-68.2.0-109.95 is installed OR MozillaFirefox-translations-common-68.2.0-109.95 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-demo-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-devel-1.8.0.181-27.26 is installed OR java-1_8_0-openjdk-headless-1.8.0.181-27.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND ant-1.9.4-1 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libssh2-1-1.4.3-20.9 is installed OR libssh2-1-32bit-1.4.3-20.9 is installed OR libssh2_org-1.4.3-20.9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND binutils-2.32-9.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_143-94_47-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_16-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information accountsservice-0.6.42-16.3 is installed OR accountsservice-lang-0.6.42-16.3 is installed OR libaccountsservice0-0.6.42-16.3 is installed OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information openssh-7.2p2-74.42 is installed OR openssh-askpass-gnome-7.2p2-74.42 is installed OR openssh-fips-7.2p2-74.42 is installed OR openssh-helpers-7.2p2-74.42 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed
BACK